SailPoint IIQ - Powershell RPCService - Return Results

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Which IIQ version are you inquiring about?

8.3p4

Share all details about your problem, including any error messages you may have received.

I’m attempting to execute Powershell script via the RPCService. Thus far, I am able to call the service and execute the Powershell script, which will write to a txt or csv file, and then I can read back the file. That’s the “easy” part, and completely acceptable for the time being. What I’d like to do is take this a step further and eliminate writing to and reading from a file, and return a value from the Powershell script back to IIQ. It appears to be possible from other posts I have read, but I’m not receiving any values back and have not found any solutions. I’m not getting any errors, just the standard RPCResponse

image
image556×130 5.33 KB

This is the IIQ rule I’m using to call the RPCService

  Map data = new HashMap();

  Application ad = context.getObjectByName(Application.class, "ActiveDirectory");

  Rule theRule = context.getObjectByName(Rule.class, "SourceRule");
  
  AccountRequest acctReq = new AccountRequest();
  acctReq.setApplication("IIQ");
  acctReq.setNativeIdentity("FAKE");
  acctReq.setOperation(AccountRequest.Operation.Modify);
  
  acctReq.add(new AttributeRequest("targetUser","USERID"));
  
  data.put("Request",acctReq);
  
  data.put("Application", ad.getAttributes());

  data.put("postScript", theRule);

  RPCService service = new RPCService("IQService_Server", 5055, false, true);
  
  service.setConnectorServices(new sailpoint.connector.DefaultConnectorServices());
  
  service.checkForErrors(false);

  RpcRequest request = new RpcRequest("ScriptExecutor", "runAfterScript", data);

  RpcResponse response = service.execute(request);
  
  return response;

And this is the Powershell scipt/rule

  Add-type -path C:\Sailpoint\IQService\Utils.dll

  $sReader = New-Object System.IO.StringReader([System.String]$env:Request);
  
  $xmlReader = [System.xml.XmlTextReader]([sailpoint.Utils.xml.XmlUtil]::getReader($sReader)); 
  
  $requestObject = New-Object Sailpoint.Utils.objects.AccountRequest($xmlReader);
  
  $resultObject = New-Object Sailpoint.Utils.objects.ServiceResult;

  $attributes = @{}
  
  foreach ($attribute in $requestObject.AttributeRequests){
    
    $attributes[$attribute.Name] = $attribute.Value;
  }
  
    $resultObject.Messages.add("Some value");

Am I missing something? What the above code does is send over the “fake” Account Request. I take the value from the request (targetUser) and then pass that to the Powershell script to get some data about the user. The goal is to send back one attribute (like lastlogondate, for example) to IIQ. That’s not in the Powershell code - I’m still trying to get the script to pass data back to IIQ. Thoughts?

2

@RSanders I am hoping you used this page to make this code.

Running Powershell directly via the IQService - Compass

Solved: How to call a standalone Powershell script - Compass

try


$resultObject.toxml() | out-file $args[0];

this will return back to iiq.

3

Your first link takes me to where I started, which was very helpful in getting this going, but the line

$resultObject.toxml() | out-file $args[0];

Is simply piping the XML representation of the resultObject to a file (as per this excerpt from the first link:
image

I’m looking for a way to return a value from the powershell script to IIQ - for example, the Rule Results screen that pops up after running a rule from Object Explorer. If I can successfully have the script return some data to IIQ in the results screen, then I know I’m getting data back from the script and can use that for some other process.

4

you have to call ps file before handling output, you can create a simple ps file that has only one line

return "test"

and see if that will get return as output. that’s why in document its mentioned as below

Once you've completed your Powershell actions, you will need to return some values back to IIQ. You will do this by dumping an object XML to the filename passed as the first parameter to your script. The IQService will read an appropriate object out of that file and pass it back to IIQ. (As with the input, this indirect method is used so that any number of scripting interfaces, not only Powershell, can be invoked by the IQService.)
5

So, I’ve tried your first suggestion:

image
image626×229 7.73 KB

And by itself, it did change the RPCResponse slightly:
image

Then I created a local script (in c:\sailpoint\iqservice\log) with only one line: return “test”, and can only assume it’s being called from the Powershell rule like this:

image
image636×251 8.22 KB

But still no output. Where does $args[0] come from? How is its data set?

6

Scratch all that - I finally got it.

I was missing:

$resultObject.Messages.add("Some Value")

And then call

$resultObject.toxml() | out-file $args[0];

image
image559×130 4.7 KB

1 Like
7

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.